mirror of
https://github.com/go-gitea/gitea.git
synced 2026-07-03 17:12:20 +02:00
Merge branch 'main' into lunny/project_workflow
This commit is contained in:
commit
6aa14d7c45
2
.github/workflows/giteabot-backport.yml
vendored
2
.github/workflows/giteabot-backport.yml
vendored
@ -19,7 +19,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 30
|
||||
steps:
|
||||
- uses: go-gitea/giteabot@40d7c74f93d479578978c4ef47a655a467b8dab1 # Add config options (#5)
|
||||
- uses: go-gitea/giteabot@d4f19d5b4a88059d8c3ca78d660631506fc0c286 # add retry logic to giteabot
|
||||
with:
|
||||
github_token: ${{ secrets.GITEABOT_TOKEN }}
|
||||
gitea_fork: giteabot/gitea
|
||||
|
||||
2
.github/workflows/giteabot.yml
vendored
2
.github/workflows/giteabot.yml
vendored
@ -45,7 +45,7 @@ jobs:
|
||||
steps:
|
||||
# pull_request_review runs without repository secrets on fork PRs, so fall
|
||||
# back to the workflow token for the non-backport checks handled here.
|
||||
- uses: go-gitea/giteabot@40d7c74f93d479578978c4ef47a655a467b8dab1 # Add config options (#5)
|
||||
- uses: go-gitea/giteabot@d4f19d5b4a88059d8c3ca78d660631506fc0c286 # add retry logic to giteabot
|
||||
with:
|
||||
github_token: ${{ secrets.GITEABOT_TOKEN || github.token }}
|
||||
checks: ${{ github.event.inputs.checks || 'labels,merge_queue,lock,feedback,last_call,milestones,lgtm,translation_comment,pr_actions' }}
|
||||
|
||||
29
modules/actions/artifacts.go
Normal file
29
modules/actions/artifacts.go
Normal file
@ -0,0 +1,29 @@
|
||||
// Copyright 2026 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package actions
|
||||
|
||||
import (
|
||||
"crypto/hmac"
|
||||
"crypto/sha256"
|
||||
"encoding/binary"
|
||||
"io"
|
||||
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
)
|
||||
|
||||
type tagType string
|
||||
|
||||
// BuildSignature builds a hmac signature for the input values.
|
||||
// "tag" is an internal pre-defined static string to distinguish the signatures for different purpose.
|
||||
func BuildSignature(tag tagType, vals ...string) []byte {
|
||||
m := hmac.New(sha256.New, setting.GetGeneralTokenSigningSecret())
|
||||
_, _ = io.WriteString(m, string(tag))
|
||||
var buf8 [8]byte
|
||||
for _, v := range vals {
|
||||
binary.LittleEndian.PutUint64(buf8[:], uint64(len(v)))
|
||||
_, _ = m.Write(buf8[:])
|
||||
_, _ = io.WriteString(m, v)
|
||||
}
|
||||
return m.Sum(nil)
|
||||
}
|
||||
36
modules/actions/artifacts_test.go
Normal file
36
modules/actions/artifacts_test.go
Normal file
@ -0,0 +1,36 @@
|
||||
// Copyright 2026 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package actions
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestBuildSignature(t *testing.T) {
|
||||
a := BuildSignature("v0", "x")
|
||||
b := BuildSignature("v0", "x")
|
||||
assert.Equal(t, a, b)
|
||||
|
||||
a = BuildSignature("v0", "x", "yz")
|
||||
b = BuildSignature("v0", "xy", "z")
|
||||
assert.NotEqual(t, a, b)
|
||||
|
||||
a = BuildSignature("v1", "x")
|
||||
b = BuildSignature("v2", "x")
|
||||
assert.NotEqual(t, a, b)
|
||||
|
||||
a = BuildSignature("v0", "x")
|
||||
b = BuildSignature("v0x")
|
||||
assert.NotEqual(t, a, b)
|
||||
|
||||
a = BuildSignature("v0", "", "x")
|
||||
b = BuildSignature("v0", "x", "")
|
||||
assert.NotEqual(t, a, b)
|
||||
|
||||
a = BuildSignature("v0")
|
||||
b = BuildSignature("v0")
|
||||
assert.Equal(t, a, b)
|
||||
}
|
||||
@ -104,6 +104,7 @@ import (
|
||||
|
||||
actions_model "code.gitea.io/gitea/models/actions"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
actions_module "code.gitea.io/gitea/modules/actions"
|
||||
"code.gitea.io/gitea/modules/httplib"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/optional"
|
||||
@ -162,13 +163,7 @@ func ArtifactsV4Routes(prefix string) *web.Router {
|
||||
}
|
||||
|
||||
func (r *artifactV4Routes) buildSignature(endpoint, expires, artifactName string, taskID, artifactID int64) []byte {
|
||||
mac := hmac.New(sha256.New, setting.GetGeneralTokenSigningSecret())
|
||||
mac.Write([]byte(endpoint))
|
||||
mac.Write([]byte(expires))
|
||||
mac.Write([]byte(artifactName))
|
||||
_, _ = fmt.Fprint(mac, taskID)
|
||||
_, _ = fmt.Fprint(mac, artifactID)
|
||||
return mac.Sum(nil)
|
||||
return actions_module.BuildSignature("v4", endpoint, expires, artifactName, strconv.FormatInt(taskID, 10), strconv.FormatInt(artifactID, 10))
|
||||
}
|
||||
|
||||
func (r *artifactV4Routes) buildArtifactURL(ctx *ArtifactContext, endpoint, artifactName string, taskID, artifactID int64) string {
|
||||
|
||||
@ -6,7 +6,6 @@ package repo
|
||||
import (
|
||||
go_context "context"
|
||||
"crypto/hmac"
|
||||
"crypto/sha256"
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"fmt"
|
||||
@ -21,9 +20,9 @@ import (
|
||||
"code.gitea.io/gitea/models/db"
|
||||
repo_model "code.gitea.io/gitea/models/repo"
|
||||
secret_model "code.gitea.io/gitea/models/secret"
|
||||
"code.gitea.io/gitea/modules/actions"
|
||||
"code.gitea.io/gitea/modules/httplib"
|
||||
"code.gitea.io/gitea/modules/optional"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
api "code.gitea.io/gitea/modules/structs"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
"code.gitea.io/gitea/modules/web"
|
||||
@ -1959,11 +1958,7 @@ func DeleteArtifact(ctx *context.APIContext) {
|
||||
}
|
||||
|
||||
func buildSignature(endp string, expires, artifactID int64) []byte {
|
||||
mac := hmac.New(sha256.New, setting.GetGeneralTokenSigningSecret())
|
||||
mac.Write([]byte(endp))
|
||||
fmt.Fprint(mac, expires)
|
||||
fmt.Fprint(mac, artifactID)
|
||||
return mac.Sum(nil)
|
||||
return actions.BuildSignature("api", endp, strconv.FormatInt(expires, 10), strconv.FormatInt(artifactID, 10))
|
||||
}
|
||||
|
||||
func buildDownloadRawEndpoint(repo *repo_model.Repository, artifactID int64) string {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user